Case Western Reserve University



Recognize Phish in Google Mail

July 29, 2008

As more phish messages reach educational users and the summer winds down, we would like to show webmail users how to determine the source of an email message. If you have received several phish, you will have seen that the content usually exhorts you to send your username and password via email (a no-no!) to an official-sounding email address.

Case will never ask for this information via email.

To identify phish messages while using a webmail service (Gmail is our example), you need to look at the original, non-HTML message. Common spam and phishing email typically has an invalid 'Reply-To' field. Here is how to view the message source in Gmail:

1. Log in to Gmail.
2. Open the message of interest.
3. If you use standard HTML View, click the down arrow next to Reply, at the top-right of the message pane.

4. Select Show original.

The full headers will appear in a new window.
There are often several "Received:" fields; the one closest to the bottom is the originator. If the originator isn't who the "From:" line says, you've got a phish or spam for certain.
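
The same check can be run on the text copied from the "Show original" window. The following is an added example, not part of the original post: the function names, the sample message and all of its addresses and hosts are constructed for illustration, and the matching rule (a host in the bottom-most Received: field must belong to the From: domain) is an assumption about how to apply the advice above.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample of "Show original" output (not a real message).
SAMPLE = """\
Received: by 10.0.0.5 with SMTP id abc123; Tue, 29 Jul 2008 08:01:10 -0700
Received: from mx.example.edu (mx.example.edu [192.0.2.10])
        by mx.google.com with ESMTP id xyz; Tue, 29 Jul 2008 08:01:09 -0700
Received: from User (unknown [203.0.113.77])
        by mail.badhost.example with ESMTP; Tue, 29 Jul 2008 08:01:02 -0700
From: "Webmail Support" <helpdesk@example.edu>
Reply-To: webmail.upgrade@freemail.example
Subject: Confirm your account

Please reply with your username and password.
"""

def domain(header_value):
    """Lower-cased domain of an address header ('' if absent)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def originator_hosts(msg):
    """Host names in the bottom-most Received: field (the originator)."""
    hops = msg.get_all("Received") or []
    if not hops:
        return []
    last = " ".join(hops[-1].split())  # unfold continuation lines
    found = re.findall(r"\b(?:from|by)\s+([\w.-]+)", last)
    return [h.lower() for h in found]

def check(raw):
    """Return a list of findings for one raw message source."""
    msg = message_from_string(raw)
    from_dom = domain(msg["From"])
    reply_dom = domain(msg["Reply-To"])
    hosts = originator_hosts(msg)
    findings = []
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    if hosts and not any(h == from_dom or h.endswith("." + from_dom) for h in hosts):
        findings.append(f"originator {hosts} does not match From domain {from_dom}")
    return findings

if __name__ == "__main__":
    for finding in check(SAMPLE):
        print(finding)
```
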

Posted by Thomas Siu at 11:14 AM
